1. Technical Field
This invention relates to security for networks including computer terminals and portable personal data carriers such as IC cards, sometimes called smart cards or chip cards, having an onboard computer and electronic memory for storing data and processing commands.
2. Description of the Prior Art
The use of identification cards having computing power and memory built into the card, has been described in the technical literature for some time. Examples are U.S. Pat. No. 4,211,919 to Ugon, and U.S. Pat. No. 3,702,464 to Castrucci. A disadvantage of known prior art IC cards that use electrically erasable programmable read only memory (EEPROM) is that the life of an EEPROM is defined by the number of write cycles (e.g., 10,000) before a write failure occurs. Accordingly, the usable life of an IC card using the memory is also limited.
On-card security protection is taught by U.S. Pat. No. 4,816,653. Security is provided in this prior art teaching by having multiple levels of user authorization. Access to a command and to data depends upon who is the current holder of the card, the authority level required to execute a command, and also depends on password data protection contained in the header of each data file.
While providing significantly better user authority checking and security than provided by magnetic stripe identification cards, the above referenced IC cards operate primarily as only semi-intelligent peripheral memory devices. That is to say, the cards respond to read and write command primitives from the workstation, and provide data or record data if the password of the person at the workstation indicates that the person has the authority to perform the requested command. Further, the interface to the prior art IC cards is not well defended. An attack can be made by monitoring the interface while passwords are transferred to or from the card.
Also, the security systems in use with IC cards of the prior art are of a fixed architecture and not easily adapted to differing applications from point of sale to social security or other as of yet unidentified applications. Likewise, when each decision must be referred to the card for processing, a significant number of binary, yes/no responses are provided by the card which may expose the card to attack by unscrupulous persons.